Abstract:
As the key facility that maintains the network security , firewalls take the purpose of establishing an obstacle between trust and trustless network, and put corresponding safety strategy into practice. In this paper , the computer network security and the techniques of firewalls were mainly discussed, the concept and classification of the firewalls were introduced. It also introduced three kind's of basic implement techniques of the firewalls: Packet filtering , Application Proxy and Monitor model in detail. Finally described the trend of development of the firewalls techniques in Internet briefly.
Key words: network security, firewalls, Packet filtering, monitor
1. Introduction
Now with the computer network and e-commerce used widely, network security has become an important problem that we must consider and resolve. More and more professions. enterprises and individuals surfer from the security problem in different degree. they are looking for the more reliable safety solution . In the defense system adopted by network security at present, the firewalls stand the very important position.
As the key facility that maintains the network security. firewalls take the purpose of establishing an obstacle between trust and trustless network, and put corresponding safety strategy into practice.
All the firewalls have the function to filter the IP address. This task checks the IP packet, makes the decision whether to release or to abandon it according to the source address and destination address of the IP. Shown in Fig.I, there is a firewall between two network sections, an UNIX computer is on one side of the firewall, and the other side is a PC client. While the PC client asks a telnet request for the UNIX computer, the client procedure of telnet in the PC produces a TCP packet and passes the packet to the local protocol stack to prepare to send. The protocol stack fills it in one IP packet. then, sends it to UNIX computer through the path defined by the TCP/IP stack of PC. The IP packet can't reach the UNIX computer until it passes the firewall between the PC and the UNIX computer.



摘要：
作為關(guān)鍵設(shè)施，維護(hù)網(wǎng)絡(luò)的安全性，防火墻采取建立信任與不可靠的網(wǎng)絡(luò)障礙的目的，并落實相應(yīng)的安全策略。在這個文件中，計算機(jī)網(wǎng)絡(luò)安全與防火墻的技術(shù)，主要討論的概念和分類，介紹了防火墻。它還介紹了三種基本的防火墻實現(xiàn)技術(shù)：分組過濾，代理服務(wù)器和應(yīng)用詳細(xì)監(jiān)測模型的。最后描述對互聯(lián)網(wǎng)的簡單防火墻技術(shù)的發(fā)展趨勢。
關(guān)鍵詞：網(wǎng)絡(luò)安全，防火墻，包過濾，監(jiān)控
1 介紹
現(xiàn)在，隨著計算機(jī)網(wǎng)絡(luò)和電子商務(wù)的廣泛應(yīng)用，網(wǎng)絡(luò)安全已成為一個我們必須考慮和解決的重要問題。越來越多的專業(yè)，企業(yè)和個人上網(wǎng)的不同程度的安全問題。他們正在尋找更可靠的安全解決方案。在防御系統(tǒng)所采用的網(wǎng)絡(luò)安全的現(xiàn)狀，防火墻占據(jù)了非常重要的地位。
作為維護(hù)網(wǎng)絡(luò)安全的關(guān)鍵設(shè)施，防火墻采取建立一個障礙在信任和不信任的網(wǎng)絡(luò)之間，并實施相應(yīng)的安全策略。
所有的防火墻具有過濾IP地址的功能。這項任務(wù)是檢查IP數(shù)據(jù)包，根據(jù)源地址和目的IP地址決定是否釋放或放棄這個數(shù)據(jù)包。在圖1所示，在兩個網(wǎng)段中間有一個防火墻，一側(cè)是UNIX計算機(jī)，另一側(cè)是PC客戶端。當(dāng)PC客戶端向UNIX 計算機(jī)發(fā)送遠(yuǎn)程登陸請求時，PC里的遠(yuǎn)程登陸客戶端程序產(chǎn)生一個TCP數(shù)據(jù)包并把此包傳遞給本地協(xié)議棧準(zhǔn)備發(fā)送。協(xié)議棧把它填充在一個IP數(shù)據(jù)包內(nèi)，然后通過PC的TCP/IP協(xié)議棧中定義的路徑發(fā)送到UNIX計算機(jī)。在它通過PC和UNIX計算機(jī)之間的防火墻之前，這個IP包不能送達(dá)UNIX計算機(jī)。